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DETAILED ACTION 



Claim Rejections - 35 USC § 102 



1. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

2. Claims 1-26 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Ambrosini et al. (U.S. Patent No. 6,609,121 and Ambrosini hereinafter). 

As to claim 1 , Ambrosini teaches a method for processing calls (i.e. client's query/ 

request into the directory database) (Fig. 2; col 2, lines 16-67) to a directory (i.e. "In LDAP, the basic unit of 
information consists of an entry. Entries are stored in a directories.") (col 2, lines 16-67), comprising: 
receiving a Call (i.e. client's query/ request into the directory database) (Fig. 2; col 2, lines 16-67); 
evaluating (i.e. "determining the schema rules that the entry must obey, ") (col 3, lines 15-18; col 5, lines 35-67) 
the Call (Fig. 2; col 2, lines 16-67) according tO One Or more rules (i.e. "LDAP permits a user to control 
which attributes are required and allowed for a particular object class, thus determining the schema rules that the 
entry must obey. " ... "Plug-in functions can be written to perform the following tasks: Validating data before the 
server performs an LDAP operation on the data; ") (col 3, lines 15-18; col 5, lines 35-67) governing data that 

may be included in the directory (col 2, lines 16-67); and processing the call (Fig. 2; col 2, lines 

16-67) based Upon the evaluation (i.e. "determining the schema rules that the entry must obey. ") (col 3, 
lines 15-18; col 5, lines 35-67) of the Call (i.e. client's query/ request into the directory database) (Fig. 2; col 2, 
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lines 16-67) according to the one or more previously determined rules (i.e. "ldap permits a user 

to control which attributes are required and allowed for a particular object class, thus determining the schema rules 
that the entry must obey. " ... "Plug-in functions can be written to perform the following tasks: Validating data 
before the server performs an LDAP operation on the data; ") (col 3, lines 15-18; col 5, lines 35-67). 

As to claim 2, Ambrosini teaches that the step of evaluating (i.e. "determining the 

schema rules that the entry must obey. ") (col 3, lines 15-18; col 5, lines 35-67) the Call includes 
determining if the Call (i.e. client's query/ request into the directory database) (Fig. 2; col 2, lines 16-67) 
includes a request tO add data (i.e. U LDAP represents a simple, albeit powerful directory service which is 
capable of performing powerful directory service queries as well as allowing clients to issue commands that add, 
delete or modify directory service entries. ") (col 2, lines 16-67) to the directory (col 2, lines 16-67), a 

request to modify data (col 2, lines 16-67) in the directory, or a request to delete (col 2, lines 16- 

67) data from the directory (i.e. "In LDAP, the basic unit of information consists of an entry. Entries are 
stored in a directories. ") (col 2, lines 16-67). 

As to claim 3, Ambrosini teaches wherein if the call (i.e. client's query/ request into the 

directory database) (Fig. 2; col 2, lines 16-67) does not include a request to add data (i.e. "LDAP 
defines operations for interrogating and updating the directory. Furthermore, LDAP provides operations for adding 
and deleting an entry from the directory, changing an existing entry, and changing the name of an entry. Still the 
primary operation of LDAP is to search for information stored in the directory. " ... "Further, if the LDAP server 
plug-in Junction is invoked before an LDAP operation executes, the plug-in function can prevent the LDAP 
operation from executing. For example, a plug-in function can validate data before a new entry is added to the 
directory. ") (col 3, lines 25-30; col 6, lines 35-47) tO the directory (i.e. "In LDAP, the basic unit of information 
consists of an entry. Entries are stored in a directories. ") (col 2, lines 16-67), a request to modify data (col 
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3, lines 25-30; col 6, lines 35-47) in the directory, or a request to delete data (col 3, lines 25-30; col 6, 
lines 35-47) from the directory (col 2, lines 16-67), then the processing step includes 

forwarding (i.e. if the client request does not involve adding, deleting or modifying data then the request is for 
searching data and the searching request does not need validation and is merely forwarded/ sent to the directory) (col 
3, lines 25-30; col 6, lines 35-47) the Call to the directory (col 2, lines 16-67). 

AS to Claim 4, AmbrOSini teaches Wherein the Call (i.e. client's query/ request into the 
directory database) (Fig. 2; col 2, lines 16-67) is forwarded to the directory (i.e. "In LDAP, the basic unit of 
information consists of an entry. Entries are stored in a directories, ") (col 2, lines 16-67) through 3 directory 
access Server (i.e. the LDAP server) (col 5, lines 50-67) Controlling access (i.e. "For example, in order 
to restrict searches of a directory to entries exclusively including access control lists, the search phrase 
"objectclass^acl" can be specified so that only entries purporting to be access control lists are located. ") (col 3, 
lines 10-17) to the directory (col 2, lines 16-67). 

As to claim 5, Ambrosini teaches that wherein the evaluation (i.e. "determining the 

schema rules that the entry must obey. ") (col 3, lines 15-18; col 5, lines 35-67) Step further includes 
determining (i.e. determining if the request data/ entry is valid by some validity standards/rules) (col 3, lines 15- 
18; col 5, lines 35-67) if One Or more attributes (i.e. " In performing a directory query, LDAP clients can 
choose filter attributes in the directory tree, for example a search location, and filter the search therefrom. Sample 
"base" values can include "st=FL . . . c=us" or "I=Boca Raton, ^Highland Beach Directory, st=FL, . . . , 
c=us". ") (col 3, lines 48-53; col 4, lines 50-67; col 5, lines 1-67) included in the Call (Fig. 2; col 2, lines 16- 
67) Comply (i.e. determining if the request data/ entry is valid by some validity standards/rules) (col 3, lines 15- 
18; col 5, lines 35-67) with One Of more rules in a Set Of rules (i.e. the validity standards/rules or schema 
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rules; a set can consist of one or more entities in it.) (col 3, lines 15-18; col 5, lines 35-67) when the Call (Fig. 2; 
col 2, lines 16-67) includes 3 request (Fig. 2; col 2, lines 16-67) to add data (i.e. "LDAP defines 
operations for interrogating and updating the directory. Furthermore, LDAP provides operations for adding and 
deleting an entry from the directory, changing an existing entry, and changing the name of an entry. Still the 
primary operation of LDAP is to search for information stored in the directory. " ... "Further, if the LDAP server 
plug-in function is invoked before an LDAP operation executes, the plug-in function can prevent the LDAP 
operation from executing. For example, a plug-in function can validate data before a new entry is added to the 
directory. ") (col 3, lines 25-30; col 6, lines 35-47) to the directory (i.e. "In LDAP, the basic unit of information 
consists of an entry. Entries are stored in a directories. ") (col 2, lines 16-67), a request to modify data (col 
3, lines 25-30; col 6, lines 35-47) in the directory (col 2, lines 16-67), or a request to delete data (col 

3, lines 25-30; col 6, lines 35-47) from the directory (col 2, lines 16-67). 

As to claim 6, Ambrosini teaches that wherein the processing step includes 

forwarding (i.e. to send the client request to the directory if the validity of the client request is fulfilled) (col 3, 
lines 25-30; col 6, lines 35-47) the Call (Fig. 2; col 2, lines 16-67) to the directory (col 2, lines 16-67) when 
the One Or more attributes (i.e. " In performing a directory query, LDAP clients can choose filter attributes 
in the directory tree, for example a search location, and fdter the search therefrom. Sample "base " values can 
include "st=FL . . . c=us" or "I=Boca Raton, I=Highland Beach Directory, st-FL, . . . , c=us". ") (col 3, lines 48- 
53; col 4, lines 50-67; col 5, lines 1-67) included in the Call (Fig. 2; col 2, lines 16-67) Comply (i.e. 
determining if the request data/ entry is valid by some validity standards/rules) (col 3, lines 15-18; col 5, lines 35- 

67) with each of the one or more rules in the first set of rules (i.e. the validity standards/rules or 

schema rules; a set can consist of one or more entities in it.) (col 3, lines 15-18; col 5, lines 35-67). 
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As to claim 7, Ambrosini teaches wherein the call (Fig. 2; col 2, lines 16-67) is 

forwarded (i.e. to send the client request to the directory if the validity of the client request is fulfilled) (col 3, 
lines 25-30; col 6, lines 35-47) to the directory (i.e. "In LDAP f the basic unit of information consists of an 
entry. Entries are stored in a directories. ") (col 2, lines 16-67) through a directory access Server (i.e. the 
LDAP server) (col 5, lines 50-67) controlling access (i.e. 'Tor example, in order to restrict searches of a 
directory to entries exclusively including access control lists, the search phrase "objectclass=acl" can be specified 
so that only entries purporting to be access control lists are located ") (col 3, lines 10-17) to the directory (col 

2, lines 16-67). 

As to claim 8, Ambrosini teaches that wherein the processing step includes 

forwarding (i.e. to send/ return an error message to the client) (col 6, lines 35-60) an error message (i.e. 
"For example, a plug-in function can validate data before a new entry is added to the directory. If the data is invalid, 
the plug-in function can abort the LDAP add operation and return an error message to the LDAP client) (col 6, lines 
35-48) to a SOUrce (i.e. the LDAP client) (col 6, lines 35-60) of the Call (i.e. client's query/ request into the 
directory database) (Fig. 2; col 2, lines 16-67) when the One Or more attributes (i.e. "In performing a 
directory query, LDAP clients can choose filter attributes in the directory tree, for example a search location, and 
filter the search therefrom. Sample "base " values can include "st=FL . . . c=us " or "I=Boca Raton, I=Highland 
Beach Directory, st=FL, ... f c=us". ") (col 3, lines 48-53; col 4, lines 50-67; col 5, lines 1-67) included in the 
Call (Fig. 2; col 2, lines 16-67) do not Comply (i.e. deterniining if the request data/ entry is valid by some 
validity standards/rules) (col 3, lines 15-18; col 5, lines 35-67) with each Of the One Or more OlleS in the 
Set of rules (i.e. the validity standards/rules or schema rules; a set can consist of one or more entities in it.) (col 

3, lines 15-18; col 5, lines 35-67). 
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As to claim 9, Ambrosini teaches that wherein the processing step includes 

forwarding (i.e. to send the client request to the directory if the validity of the client request is fulfilled) (col 3, 
lines 25-30; col 6, lines 35-47) the Call (i.e. client's query/ request into the directory database) (Fig. 2; col 2, lines 
16-67) to the directory (i.e. "In LDAP, the basic unit of information consists of an entry. Entries are stored in a 
directories.") (col 2, lines 16-67) when the One Or more attributes (i.e. "In performing a directory query, 
LDAP clients can choose filter attributes in the directory tree, for example a search location, and filter the search 
therefrom. Sample "base" values can include "st=FL . . . c=us" or "I=Boca Raton, ^Highland Beach Directory, 
st=FL, . . . , c=us". ") (col 3, lines 48-53; col 4, lines 50-67; col 5, lines 1-67) included in the Call Comply 
(i.e. determining if the request data/ entry is valid by some validity standards/rules) (col 3, lines 15-18; col 5, lines 

35-67) with at least one of the one or more rules in the set of rules (i.e. the validity 

standards/rules or schema rules; a set can consist of one or more entities in it.) (col 3, lines 15-18; col 5, lines 35- 
67). 

As to claim 10, Ambrosini teaches that wherein the call (i.e. client's query/ request into 

the directory database) (Fig. 2; col 2, lines 16-67) is forwarded to the directory (i.e. "In LDAP, the basic 
unit of information consists of an entry. Entries are stored in a directories. ") (col 2, lines 16-67) through a 
directory access Server (i.e. the LDAP server) (col 5, lines 50-67) Controlling access (i.e. "For 
example, in order to restrict searches of a directory to entries exclusively including access control lists, the search 
phrase "objectctass=acl" can be specified so that only entries purporting to be access control lists are located. ") 
(col 3, lines 10-17) to the directory (col 2, lines 16-67). 

As to claim 1 1 , Ambrosini teaches wherein the processing step includes 

forwarding (i.e. to send/ return an error message to the client) (col 6, lines 35-60) an error message (i.e. 
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"For example, a plug-in junction can validate data before a new entry is added to the directory. If the data is 
invalid, the plug-in Junction can abort the LDAP add operation and return an error message to the LDAP client) 
(col 6, lines 35-48) to a SOUrce (i.e. the LDAP client) (col 6, lines 35-60) Of the Call (i.e. client's query/ 
request into the directory database) (Fig. 2; col 2, lines 16-67) When the One Or more attributes (i.e. "In 
performing a directory query, LDAP clients can choose filter attributes in the directory tree, for example a search 
location, and filter the search therefrom. Sample "base" values can include "st-FL . . . c=us " or "I~Boca Raton, 
^Highland Beach Directory, st=FL, ... , c=us". ") (col 3, lines 48-53; col 4, lines 50-67; col 5, lines 1-67) 
included in the Call (Fig. 2; col 2, lines 16-67) dO not Comply (i.e. determining if the request data/ entry is 
valid by some validity standards/rules) (col 3, lines 15-18; col 5, lines 35-67) with any Of the One Or more 
rules in the Set Of rules (i.e. the validity standards/rules or schema rules; a set can consist of one or more 
entities in it.) (col 3, lines 15-18; col 5, lines 35-67). 



As to claim 12, Ambrosini teaches that wherein the evaluation (i.e. "determining the 

schema rules that the entry must obey. ") (col 3, lines 15-18; col 5, lines 35-67) Step further includes 
determining (i.e. determining if the request data/ entry is valid by some validity standards/rules) (col 3, lines 15- 
18; col 5, lines 35-67) if One Or more attributes (i.e. "In performing a directory query, LDAP clients can 
choose filter attributes in the directory tree, for example a search location, and filter the search therefrom. Sample 
"base" values can include "st=FL . . . c=us" or "I=Boca Raton, ^Highland Beach Directory, st=FL, . . . , c=us") 
(col 3, lines 48-53; col 4, lines 50-67; col 5, lines 1-67) included in the Call (i.e. client's query/ request into the 
directory database) (Fig. 2; col 2, lines 16-67) Comply (i.e. determining if the request data/ entry is valid by some 
validity standards/rules) (col 3, lines 15-18; col 5, lines 35-67) with One Or more rules in a first (i.e. the 
validity rule corresponding to the LDAP client's add operation that the plug-in function uses. A set can consist of 
one or more entities) (col 3, lines 15-18; col 5, lines 35-67) Set of Riles (i.e. the validity standards/rules or 

schema rules; a set can consist of one or more entities in it.) (col 3, lines 15-18; col 5, lines 35-67) when the Call 
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includes a request to add data (i.e. "LDAP defines operations for interrogating and updating the 
directory. Furthermore, LDAP provides operations for adding and deleting an entry from the directory, changing an 
existing entry, and changing the name of an entry. Still the primary operation of LDAP is to search for information 
stored in the directory. " ... "Further, if the LDAP server plug-in Junction is invoked before an LDAP operation 
executes, the plug-in function can prevent the LDAP operation from executing. For example, a plug-in function can 
validate data before a new entry is added to the directory. ") (col 3, lines 25-30; col 6, lines 35-47) to the 

directory, determining if one or more attributes (col 3, lines 48-53; col 4, lines 50-67; col 5, lines l- 
67) included in the call (Fig. 2; col 2, lines 16-67) comply with one or more rules in a second 

(i.e. the validity rule corresponding to the LDAP client's modify operation that the plug-in function uses. A set can 
consist of one or more entities) (col 3, lines 15-18; col 5, lines 35-67) Set Of rules (i.e. the validity 
standards/rules or schema rules; a set can consist of one or more entities in it.) (col 3, lines 15-18; col 5, lines 35-67) 

when the call (Fig. 2; col 2, lines 16-67) includes a request to modify data (col 3, lines 25-30; col 6, 
lines 35-47) in the directory, and determining (col 3, lines 15-18; col 5, lines 35-67) if one or more 

attributes (col 3, lines 48-53; col 4, lines 50-67; col 5, lines 1-67) included in the Call (Fig. 2; col 2, lines 
16-67) Comply With One Or more rules in a third (i.e. the validity rule corresponding to the LDAP 
client's delete operation that the plug-in function uses. A set can consist of one or more entities) (col 3, lines 15-18; 
col 5, lines 35-67) Set Of rules (i.e. the validity standards/rules or schema rules; a set can consist of one or more 
entities in it.) (col 3, lines 15-18; col 5, lines 35-67) When the Call (Fig. 2; col 2, lines 16-67) includes a 
request tO delete data (col 3, lines 25-30; col 6, lines 35-47) from the directory (i.e. "InLDAP, the 
basic unit of information consists of an entry. Entries are stored in a directories. ") (col 2, lines 16-67). 



As to claim 13, Ambrosini teaches wherein the directory (i.e. 4t in ldap, the basic unit of 

information consists of an entry. Entries are stored in a directories. ") (col 2, lines 16-67) employs the 

lightweight directory access protocol (i.e. ldap) (col 2, lines 16-67). 
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As to claim 14, Ambrosini teaches a rule attribute enforcer (i.e. plug-in function) (col 5, 

lines 35-67; col 6, lines 35-47), comprising: B rule Validator (i.e. plug-in function) (col 5, lines 35-67; col 6, 
lines 35-47) for determining (i.e. determining if the request data/ entry is valid by some validity standards/rules) 
(col 3, lines 15-18; col 5, lines 35-67) if attributes (i.e. "In performing a directory query, LDAP clients can 
choose filter attributes in the directory tree, for example a search location, and filter the search therefrom. Sample 
"base " values can include "st=FL . . . c=us " or "I -Boca Raton, I=Highland Beach Directory, st-FL, . . . , 
c=us". ") (col 3, lines 48-53; col 4, lines 50-67; col 5, lines 1-67) in 3 Call (i.e. client's query/ request into the 
directory database) (Fig. 2; col 2, lines 16-67) to a directory (i.e. "In LDAP, the basic unit of information 
consists of an entry. Entries are stored in a directories. ") (col 2, lines 16-67) Comply (i.e. determining if the 
request data/ entry is valid by some validity standards/rules) (col 3, lines 15-18; col 5, lines 35-67) with rules (i.e. 
validity criteria used by the plug-in function) (col 5, lines 35-67; col 6, lines 35-47) governing data that may 
be included in the directory (i.e. "In LDAP, the basic unit of information consists of an entry. Entries are 
stored in a directories. ") (col 2, lines 16-67); and a transaction (i.e. add, modify or delete transaction) (col 5, 
lines 35-67; col 6, lines 35-47) monitor (i.e. the LDAP server) (col 5, lines 50-67) for intercepting (i.e. "An 
LDAP client can connect to an LDAP servers and transmit a request for data. ") (col 4, lines 15-30) Calls (Fig. 2; 

col 2, lines 16-67) to the directory (col 2, lines 16-67), such that the transaction monitor (i.e. the 

LDAP server) (col 5, lines 50-67) diverts (i.e. "In most cases, when the LDAP server calls an LDAP server plug- 
in function, the LDAP server passes a parameter block to the plug- in function. ") (col 5, lines 35-67; col 6, lines 35- 
47) intercepted Calls tO the rule validator (i.e. plug-in function) (col 5, lines 35-67; col 6, lines 35-47) 
that include a request tO add data (i.e. "LDAP defines operations for interrogating and updating the 
directory. Furthermore, LDAP provides operations for adding and deleting an entry from the directory, changing an 
existing entry, and changing the name of an entry. Still the primary operation of LDAP is to search for information 
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stored in the directory. " ... "Further, if the LDAP server plug-in function is invoked before an LDAP operation 
executes, the plug-in function can prevent the LDAP operation from executing. For example, a plug-in function can 
validate data before a new entry is added to the directory. ") (col 3, lines 25-30; col 6, lines 35-47) to the 
directory (col 2, lines 16-67), a request to modify data (col 3, lines 25-30; col 6, lines 35-47) in the 

directory (col 2, lines 16-67), or a request to delete data (col 3, lines 25-30; col 6, lines 35-47) from 

the directory (col 2, lines 16-67); and forwards (i.e. if the client request does not involve adding, deleting or 
modifying data then the request is for searching data and the searching request does not need validation and is 
merely forwarded/ sent to the directory) (col 3, lines 25-30; col 6, lines 35-47) intercepted Calls (Fig. 2; col 2, 

lines 16-67 to the directory (col 2, lines 16-67) that do not include a request to add data (col 3, 
lines 25-30; col 6, lines 35-47) to the directory (col 2, lines 16-67), a request to modify data (col 3, 
lines 25-30; col 6, lines 35-47) in the directory (col 2, lines 16-67), or a request to delete data (col 3, 

lines 25-30; col 6, lines 35-47) from the directory (col 2, lines 16-67). 

As to claim 15, Ambrosini teaches wherein when the rule validator (i.e. plug-in 

function) (col 5, lines 35-67; col 6, lines 35-47) determines (i.e. determining if the request data/ entry is valid by 
some validity standards/rules) (col 3, lines 15-18; col 5, lines 35-67) that One Or more attributes (i.e. "In 
performing a directory query, LDAP clients can choose filter attributes in the directory tree, for example a search 
location, and filter the search therefrom. Sample "base" values can include "st=FL . . . c=us" or "I=Boca Raton, 
^Highland Beach Directory, st=FL, . . . , c=us". ") (col 3, lines 48-53; col 4, lines 50-67; col 5, lines 1-67) 
included in a Call (i.e. client's query/ request into the directory database) (Fig. 2; col 2, lines 16-67) Comply 
(i.e. determining if the request data/ entry is valid by some validity standards/rules) (col 3, lines 15-18; col 5, lines 
35-67) With each Of One Or more rules in a Set Of rules (i.e. the validity standards/rules or schema 
rules; a set can consist of one or more entities in it.) (col 3, lines 15-18; col 5, lines 35-67), the rule validator 
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(i.e. plug-in function) (col 5, lines 35-67; col 6, lines 35-47) forwards (i.e. to send the client request to the 
directory if the validity of the client request is fulfilled) (col 3, lines 25-30; col 6, lines 35-47) the Call (Fig. 2; col 
2, lines 16-67). 

As to claim 16, Ambrosini teaches wherein the rule validator (i.e. plug-in function) (col 

5, lines 35-67; col 6, lines 35-47) forwards (i.e. The LDAP server calls the plug-in function before executing the 
LDAP operation (e.g. add, delete, modify or search); The plug-in function validates the operation and then sends the 
validation result to the LDAP server and the server executes the operation on the directory) (col 5, lines 35-67; col 6, 

lines 35-47) the call to the transaction monitor (i.e. the ldap server) (col 5, lines 50-67), and the 

transaction monitor (i.e. the LDAP server) (col 5, lines 50-67) relays (col 5, lines 35-67; col 6, lines 35-47) 
the Call (i.e. client's query/ request into the directory database) (Fig. 2; col 2, lines 16-67) to the directory 
(i.e. "In LDAP, the basic unit of information consists of an entry. Entries are stored in a directories. ") (col 2, lines 
16-67). 

As to claim 17, Ambrosini teaches wherein transaction monitor (i.e. the ldap server 

(16), a software entity which is situated in the LDAP server) (Fig. 3; col 5, lines 50-67) relays the Call to the 
directory (i.e. "In LDAP f the basic unit of information consists of an entry. Entries are stored in a directories. ") 
(col 2, lines 16-67) through a directory access Server (i.e. the LDAP server) (col 5, lines 50-67) that 
Controls access (i.e. "For example, in order to restrict searches of a directory to entries exclusively including 
access control lists, the search phrase ,t objectclass=acl tf can be specified so that only entries purporting to be 
access control lists are located. ") (col 3, lines 10-17) to the directory (col 2, lines 16-67). 
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As to claim 18, Ambrosini teaches wherein the rule validator (i.e. plug-in function) (col 

5, lines 35-67; col 6, lines 35-47) forwards (i.e. to send the client request to the directory if the validity of the 
client request is fulfilled) (col 3, lines 25-30; col 6, lines 35-47) the Call (i.e. client's query/ request into the 
directory database) (Fig. 2; col 2, lines 16-67) to the directory (i.e. "In LDAP, the basic unit of information 
consists of an entry. Entries are stored in a directories. ") (col 2, lines 16-67). 

As to claim 19, Ambrosini teaches wherein the rule validator (i.e. plug-in function) (col 

5, lines 35-67; col 6, lines 35-47) forwards (i.e. The LDAP server calls the plug-in function before executing the 
LDAP operation (e.g. add, delete, modify or search); The plug-in function validates the operation and then sends the 
validation result to the LDAP server and the server executes the operation on the directory) (col 5, lines 35-67; col 6, 
lines 35-47) the Call (i.e. client's query/ request into the directory database) (Fig. 2; col 2, lines 16-67) to the 
directory (i.e. "In LDAP, the basic unit of information consists of an entry. Entries are stored in a directories. ") 
(col 2, lines 16-67) through a directory access Server (i.e. the LDAP server) (col 5, lines 50-67) that 
Controls aCCeSS (i.e. "For example, in order to restrict searches of a directory to entries exclusively including 
access control lists, the search phrase ,i objectclass=acl" can be specified so that only entries purporting to be 
access control lists are located. ") (col 3, lines 10-17) to the directory (col 2, lines 16-67). 

As to claim 20, Ambrosini teaches wherein when the rule validator (i.e. plug-in 

function) (col 5, lines 35-67; col 6, lines 35-47) determines (i.e. determining if the request data/ entry is valid by 
some validity standards/rules) (col 3, lines 15-18; col 5, lines 35-67) that One Or more attributes (i.e. "In 
performing a directory query, LDAP clients can choose filter attributes in the directory tree, for example a search 
location, and filter the search therefrom. Sample "base" values can include "st=FL . . . c=us" or "I=Boca Raton, 
1= Highland Beach Directory, st-FL, ... , c=us". ") (col 3, lines 48-53; col 4, lines 50-67; col 5, lines 1-67) 
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included in a call (i.e. client's query/ request into the directory database) (Fig. 2; col 2, lines 16-67) Comply 
(i.e. determining if the request data/ entry is valid by some validity standards/rules) (col 3, lines 15-18; col 5, lines 
35-67) With at least One Of One Or more rules in a Set Of rules (i.e. the validity standards/rules or 
schema rules; a set can consist of one or more entities in it.) (col 3, lines 15-18; col 5, lines 35-67), the rule 
validator (col 5, lines 35-67; col 6, lines 35-47) forwards (i.e. The LDAP server calls the plug-in function 
before executing the LDAP operation (e.g. add, delete, modify or search); The plug-in function validates the 
operation and then sends the validation result to the LDAP server and the server executes the operation on the 
directory) (col 5, lines 35-67; col 6, lines 35-47) the Call (Fig. 2; col 2, lines 16-67). 

As to claim 21 , Ambrosini teaches wherein the rule validator (i.e. plug-in function) (col 

5, lines 35-67; col 6, lines 35-47) forwards (i.e. The LDAP server calls the plug-in function before executing the 
LDAP operation (e.g. add, delete, modify or search); The plug-in function validates the operation and then sends the 
validation result to the LDAP server and the server executes the operation on the directory) (col 5, lines 35-67; col 6, 
lines 35-47) the Call (i.e. client's query/ request into the directory database) (Fig. 2; col 2, lines 16-67) to the 

transaction monitor (i.e. the ldap server) (col 5, lines 50-67), and the transaction monitor (i.e. the 

LDAP server) (col 5, lines 50-67) relays (col 5, lines 35-67; col 6, lines 35-47) the Call (Fig. 2; col 2, lines 16- 
67) to the directory (i.e. "In LDAP t the basic unit of information consists of an entry. Entries are stored in a 
directories. ") (col 2, lines 16-67). 

As to claim 22, Ambrosini teaches wherein transaction monitor (i.e. the ldap server 

(16), a software entity which is situated in the LDAP server) (Fig. 3; col 5, lines 50-67) relays (col 5, lines 35-67; 
col 6, lines 35-47) the Call (i.e. client's query/ request into the directory database) (Fig. 2; col 2, lines 16-67) to 
the directory (i.e. "In LDAP, the basic unit of information consists of an entry. Entries are stored in a 
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directories.") (col 2, lines 16-67) through a directory access Server (i.e. the LDAP server) (col 5, lines 
50-67) that Controls aCCeSS (i.e. 'Tor example, in order to restrict searches of a directory to entries 
exclusively including access control lists, the search phrase "objectclass^acl" can be specified so that only entries 
purporting to be access control lists are located. ") (col 3, lines 10-17) to the directory (col 2, lines 16-67). 

As to claim 23, Ambrosini teaches wherein the rule validator (i.e. plug-in function) (col 

5, lines 35-67; col 6, lines 35-47) forwards (i.e. to send the client request to the directory if the validity of the 
client request is fulfilled) (col 3, lines 25-30; col 6, lines 35-47) the Call (i.e. client's query/ request into the 
directory database) (Fig. 2; col 2, lines 16-67) to the directory (i.e. "In LDAP, the basic unit of information 
consists of an entry. Entries are stored in a directories. ") (col 2, lines 16-67). 

As to claim 24, Ambrosini teaches wherein the rule validator (i.e. plug-in function) (col 

5, lines 35-67; col 6, lines 35-47) forwards (i.e. The LDAP server calls the plug-in function before executing the 
LDAP operation (e.g. add, delete, modify or search); The plug-in function validates the operation and then sends the 
validation result to the LDAP server and the server executes the operation on the directory) (col 5, lines 35-67; col 6, 
lines 35-47) the Call (i.e. client's query/ request into the directory database) (Fig. 2; col 2, lines 16-67) to the 
directory (i.e. "In LDAP, the basic unit of information consists of an entry. Entries are stored in a directories. ") 
(col 2, lines 16-67) through a directory access Server (i.e. the LDAP server) (col 5, lines 50-67) that 
Controls aCCeSS (i.e. 'Tor example, in order to restrict searches of a directory to entries exclusively including 
access control lists, the search phrase "objectclass=acl" can be specified so that only entries purporting to be 
access control lists are located. ") (col 3, lines 10-17) to the directory (col 2, lines 16-67). 
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As to claim 25, Ambrosini teaches a directory network (i.e. "The ldap directory service 

is based on a client-server model. ") (col 4, lines 15-17), including: One Or more Client Computers (i.e. 
LDAP clients) (col 4, lines 15-120)", a directory (i.e. "In LDAP, the basic unit of information consists of an 
entry. Entries are stored in a directories. ") (col 2, lines 16-67), and an attribute rule enforcer (i.e. plug-in 
function) (col 5, lines 35-67; col 6, lines 35-47), the attribute Olle enforcer (i.e. plug-in function) (col 5, 

lines 35-67; col 6, lines 35-47) being arranged in the directory network (col 4, lines 15-17) so as to 

intercept Calls (i.e. client's query/ request into the directory database) (Fig. 2; col 2, lines 16-67) from the 

one or more client computers (i.e. ldap clients) (col 4, lines 15-120) to the directory (col 2, lines 16- 

67). 

As to claim 26, Ambrosini teaches the directory network (i.e. "The ldap directory 
service is based on a client-server model. ") (col 4, lines 15-17) further including directory access server 

(i.e. the LDAP server) (col 5, lines 50-67) that controls aCCeSS (i.e. "For example, in order to restrict 
searches of a directory to entries exclusively including access control lists, the search phrase "objectclass=acl" can 
be specified so that only entries purporting to be access control lists are located ") (col 3, lines 10-17) to the 
directory (i.e. "In LDAP, the basic unit of information consists of an entry. Entries are stored in a directories. ") 
(col 2, lines 16-67) interposed (i.e. works between the directory and the plug-in function) (col 5, lines 35-67; col 
6, lines 35-47) between the attribute rule enforcer (i.e. plug-in function) (col 5, lines 35-67; col 6, lines 

35-47) and the directory (col 2, lines 16-67). 
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